  1. #1
    Member
    Join Date
    Dec 2008
    Location
    Austin, Texas
    Posts
    102
    Points
    4
    Blog Entries
    1

    My Laptop has new pop up ads and browser randomly opens to unsolicited web pages

    I recently updated my ActiveX drivers and now have ads popping up when clicking on any icon or explorer link, and my IE browser opens and is directed to unknown or unsolicited web pages I have never visited. Can anyone help locate this monster and clean this laptop up?
    Thank you for any help.
    Windows Vista, Home Premium, Dell Inspiron II720.
    See log files below.

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 06/29/2015 at 05:32 PM

    Application Version : 6.0.1194
    Database Version : 11938

    Scan type : Complete Scan
    Total Scan Time : 00:09:06

    Operating System Information
    Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
    UAC On - Limited User (Administrator User)

    Memory items scanned : 724
    Memory threats detected : 0
    Registry items scanned : 34668
    Registry threats detected : 0
    File items scanned : 5962
    File threats detected : 4

    Adware.Tracking Cookie
    C:\Users\capndavid2001\AppData\Roaming\Microsoft\Windows\Cookies\AJXWEJVC.txt [ /track.jo2alw.com ]
    C:\Users\capndavid2001\AppData\Roaming\Microsoft\Windows\Cookies\U8JM2QX2.txt [ /doubleclick.net ]
    C:\USERS\CAPNDAVID2001\Cookies\AJXWEJVC.txt [ Cookie:capndavid2001@track.jo2alw.com/ ]
    C:\USERS\CAPNDAVID2001\Cookies\U8JM2QX2.txt [ Cookie:capndavid2001@doubleclick.net/ ]

    ============
    End of Log
    ============

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 6/29/2015
    Scan Time: 5:38:46 PM
    Logfile: Malware Log File 6_29_15.txt
    Administrator: Yes

    Version: 2.01.6.1022
    Malware Database: v2015.06.29.05
    Rootkit Database: v2015.06.26.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows Vista Service Pack 2
    CPU: x86
    File System: NTFS
    User: capndavid2001

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 355805
    Time Elapsed: 51 min, 55 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 3
    PUP.Optional.Blasteroids.A, C:\ProgramData\mRypDGO\YXVQbQ.exe, 2644, , [80f97a463852c274eccfe7d8ab56669a]
    PUP.Optional.Amonetize.A, C:\ProgramData\Omrucsuamuf\1.0.1.4\ucixneje.exe, 3452, , [6d0ce4dc9eecb87ed161f1a2f510d12f]
    PUP.Optional.Amonetize.A, C:\ProgramData\Omrucsuamuf\1.0.1.4\ucixneje.exe, 5784, , [6d0ce4dc9eecb87ed161f1a2f510d12f]

    Modules: 1
    PUP.Optional.Amonetize.A, C:\ProgramData\Omrucsuamuf\1.0.1.4\sqlite3.dll, , [6d0ce4dc9eecb87ed161f1a2f510d12f],

    Registry Keys: 7
    PUP.Optional.Blasteroids.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\YXVQbQ, , [80f97a463852c274eccfe7d8ab56669a],
    PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, , [cdace4dcbad0a591a2080971de251ee2],
    PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [ec8df1cff892c37390454134a360d22e],
    PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [ec8df1cff892c37390454134a360d22e],
    PUP.Optional.InstallBrain.A, HKLM\SOFTWARE\InstallIQ, , [adcc6d531a7075c1150b47fb8381fb05],
    PUP.Optional.MultiIE.A, HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, , [90e9cef2bbcfa393faf84e2b25e0cc34],
    PUP.Optional.DesktopTemperature.A, HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\DesktopTemperature.exe, , [f881e2de5c2e26104ba0ad627e8638c8],

    Registry Values: 3
    PUP.Optional.Trovi.A, HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|URL, http://www.trovi.com/Results.aspx?gd=&ctid=CT3331221&octid=EB_ORIGINAL_CTID&ISID=MD4D3CD91-FAE1-4649-8544-732DC9C8A389&SearchSource=58&CUI=&UM=6&UP=SP811D8984-C493-453A-AC06-7A6CB1BE994D&q={searchTerms}&SSPV=, , [9cddc2fe602a7eb8ec5d078357ae23dd]
    PUP.Optional.Conduit.A, HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|SuggestionsURL_JSON, http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}, , [22579d2393f7de5829db2dcfab589d63]
    PUP.Optional.Trovi.A, HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|DisplayName, Trovi search, , [86f3d0f0f09a14229dac98f22ed70af6]

    Registry Data: 0
    (No malicious items detected)

    Folders: 8
    PUP.Optional.Blasteroids.A, C:\Users\capndavid2001\AppData\Local\Blasteroids, , [1e5bf9c71f6bc76f803bc06b43c137c9],
    PUP.Optional.Amonetize.A, C:\ProgramData\Omrucsuamuf\1.0.1.4, , [6d0ce4dc9eecb87ed161f1a2f510d12f],
    PUP.Optional.Amonetize.A, C:\ProgramData\Omrucsuamuf, , [6d0ce4dc9eecb87ed161f1a2f510d12f],
    PUP.Optional.SystemAlerts.A, C:\Users\capndavid2001\AppData\Local\System_Alerts_LLC, , [7009328ec3c701359cafe8f8f40fcb35],
    PUP.Optional.SystemAlerts.A, C:\Users\capndavid2001\AppData\Local\System_Alerts_LLC\DesktopTemperature.exe_Url_hrac5fjktyce443um0sshjg4blr31qju, , [7009328ec3c701359cafe8f8f40fcb35],
    PUP.Optional.SystemAlerts.A, C:\Users\capndavid2001\AppData\Local\System_Alerts_LLC\DesktopTemperature.exe_Url_hrac5fjktyce443um0sshjg4blr31qju\1.24.0.0, , [7009328ec3c701359cafe8f8f40fcb35],
    PUP.Optional.PullUpdate.A, C:\ProgramData\mRypDGO\dat, , [9ddcf9c7cdbdf93d0733d2bada2c23dd],
    PUP.Optional.PullUpdate.A, C:\ProgramData\mRypDGO, , [9ddcf9c7cdbdf93d0733d2bada2c23dd],

    Files: 18
    PUP.Optional.Blasteroids.A, C:\ProgramData\mRypDGO\YXVQbQ.exe, , [80f97a463852c274eccfe7d8ab56669a],
    PUP.Optional.PullUpdate.A, C:\ProgramData\mRypDGO\dat\IRGeEu.dll, , [aacf972990fa0234be27ec9d12f4916f],
    PUP.Optional.Blasteroids.A, C:\ProgramData\mRypDGO\dat\VINYrRNeTC.exe, , [3b3ef6cabbcf40f6308be2ddf01113ed],
    PUP.Optional.SearchProtect, C:\Windows\System32\drivers\SPPD.sys, , [4c2dfdc34d3daf87e5cbf73d8581758b],
    PUP.Optional.Mindspark.A, C:\Users\capndavid2001\Downloads\RecipeHub.exe, , [bbbe0cb4e1a9f14543a8f693f0163bc5],
    PUP.Optional.SafeInstall.A, C:\Users\capndavid2001\Downloads\adobeflashplayer.exe, , [d7a2754bf595a0966ee4572e8180c937],
    PUP.Optional.DesktopTemperature.A, C:\Users\capndavid2001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Temperature Monitor.lnk, , [6514d6ea73174beb4134b2689f657a86],
    PUP.Optional.Blasteroids.A, C:\Users\capndavid2001\AppData\Local\Blasteroids\data2.dat, , [1e5bf9c71f6bc76f803bc06b43c137c9],
    PUP.Optional.Browser.A, C:\ProgramData\Browser\prompt.exe.config, , [afca7b45e6a479bd3caca5e744c143bd],
    PUP.Optional.Amonetize.A, C:\ProgramData\Omrucsuamuf\1.0.1.4\ucixneje.exe.config, , [6d0ce4dc9eecb87ed161f1a2f510d12f],
    PUP.Optional.Amonetize.A, C:\ProgramData\Omrucsuamuf\1.0.1.4\sqlite3.dll, , [6d0ce4dc9eecb87ed161f1a2f510d12f],
    PUP.Optional.Amonetize.A, C:\ProgramData\Omrucsuamuf\1.0.1.4\ucixneje.exe, , [6d0ce4dc9eecb87ed161f1a2f510d12f],
    PUP.Optional.Amonetize.A, C:\ProgramData\Omrucsuamuf\dat.dat, , [6d0ce4dc9eecb87ed161f1a2f510d12f],
    PUP.Optional.SystemAlerts.A, C:\Users\capndavid2001\AppData\Local\System_Alerts_LLC\DesktopTemperature.exe_Url_hrac5fjktyce443um0sshjg4blr31qju\1.24.0.0\user.config, , [7009328ec3c701359cafe8f8f40fcb35],
    PUP.Optional.PullUpdate.A, C:\ProgramData\mRypDGO\dat\VINYrRNeTC.exe.config, , [9ddcf9c7cdbdf93d0733d2bada2c23dd],
    PUP.Optional.PullUpdate.A, C:\ProgramData\mRypDGO\info.dat, , [9ddcf9c7cdbdf93d0733d2bada2c23dd],
    PUP.Optional.PullUpdate.A, C:\ProgramData\mRypDGO\YXVQbQ.dat, , [9ddcf9c7cdbdf93d0733d2bada2c23dd],
    PUP.Optional.PullUpdate.A, C:\ProgramData\mRypDGO\YXVQbQ.exe.config, , [9ddcf9c7cdbdf93d0733d2bada2c23dd],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:32:25 PM, on 6/29/2015
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16561)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.duckduckgo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    O4 - HKCU\..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\capndavid2001\AppData\Local\Akamai\netsession_win.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: Desktop Temperature Monitor.lnk = capndavid2001\AppData\Local\DesktopTemperature\DesktopTemperature.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted IP range: http://192.168.1.107
    O15 - Trusted IP range: http://192.168.1.108
    O16 - DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} (Cisco NAC Web Agent Control) - https://172.25.75.24/auth/taweb.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {C1CF79A8-3261-4C29-9F6E-7971FE2686A6} (LabOnDemand.VMConnectControl) - https://labondemand.com/ActiveX/VMConnectControl.cab
    O16 - DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} (CCAWebLogin Control) - https://172.25.75.24/auth/CCALogin.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: AT&T Network Configuration Service (netcfgsvr) - Unknown owner - C:\Program Files\AT&T Global Network Client\netcfgsvr.exe (file missing)
    O23 - Service: AT&T Global Network Client Service (NetClientSvc) - Unknown owner - C:\Program Files\AT&T Global Network Client\NetClientSvc.exe (file missing)
    O23 - Service: AT&T Global Network Client Logging Service (NetLogSvc) - Unknown owner - C:\Program Files\AT&T Global Network Client\NetLogSvc.exe (file missing)
    O23 - Service: PCTV Service (pctvsvc) - Pinnacle Systems Inc. - C:\Program Files\Pinnacle\PCTV To Go Setup Wizard\..\Drivers\pctvsvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE (file missing)
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    O23 - Service: YXVQbQ - Acute Angle Solutions - C:\ProgramData\mRypDGO\YXVQbQ.exe

    --
    End of file - 11000 bytes

  2. #2
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307


    Hello,

    First
    Please let Malwarebytes remove everything it found.

    When the Malwarebytes scan is complete, make sure that all Threats are selected, and click Remove Selected.
    Reboot your computer if prompted.

    Next

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system (32-bit for you). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Right-click to run as administrator (XP users click Run after receipt of Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste the log back here.
    • The first time the tool is run, it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  3. #3
    Member
    Join Date
    Dec 2008
    Location
    Austin, Texas
    Posts
    102
    Points
    4
    Blog Entries
    1


    Here are the two log files you requested. Thanks so much.

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-06-2015 01
    Ran by capndavid2001 at 2015-06-30 07:19:55
    Running from C:\Users\capndavid2001\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2574564581-2394573384-1249639492-500 - Administrator - Disabled)
    capndavid2001 (S-1-5-21-2574564581-2394573384-1249639492-1000 - Administrator - Enabled) => C:\Users\capndavid2001
    Guest (S-1-5-21-2574564581-2394573384-1249639492-501 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
    Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.194 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.14) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
    AIO_CDB_ProductContext (Version: 82.0.242.000 - Hewlett-Packard) Hidden
    AIO_CDB_Software (Version: 82.0.242.000 - Hewlett-Packard) Hidden
    AIO_Scan (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ASUS RT-N66R Wireless Router Utilities (HKLM\...\{9C767081-9DB1-4C02-AB02-0E692CFEDA41}) (Version: 4.2.6.4 - ASUS)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.03 - Broadcom Corporation)
    Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
    BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    Cisco Network Magic (Version: 5.5.09195.0 - Pure Networks) Hidden
    Citrix Online Launcher (HKLM\...\{B025BA0B-64A6-46DE-9D64-32965C83CCA9}) (Version: 1.0.179 - Citrix)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
    ConverterLite 1.6.9.0 (HKLM\...\ConverterLite) (Version: 1.6.9.0 - ConverterLite)
    Copy (Version: 82.0.188.000 - Hewlett-Packard) Hidden
    CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
    Dell Support Center (HKLM\...\{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}) (Version: 1.0.07192 - Dell)
    Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1.102.7 - Alps Electric)
    Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.102.15.61 - Dell Inc.)
    DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3075 - Dell)
    Destinations (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
    DocProc (Version: 8.1.0.0 - Hewlett-Packard) Hidden
    DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Fax (Version: 82.0.188.000 - Hewlett-Packard) Hidden
    FXCM Trading Station (HKLM\...\FXCM Trading Station) (Version: 111313 - )
    FXCM Trading Station (Version: 111313 - FXCM) Hidden
    Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
    GoToMeeting 7.2.1.2856 (HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\...\GoToMeeting) (Version: 7.2.1.2856 - CitrixOnline)
    HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
    HP Customer Participation Program 8.0 (HKLM\...\HPExtendedCapabilities) (Version: 8.0 - HP)
    HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
    HP OCR Software 8.0 (HKLM\...\HPOCR) (Version: 8.0 - HP)
    HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
    HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (HKLM\...\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}) (Version: 8.0 - HP)
    HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
    HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
    HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Hewlett Packard Development Company L.P.)
    iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
    IP Camera Tool (HKLM\...\{0C141E39-BFED-40B3-ADA2-C58A6DC055E5}) (Version: 1.00.0000 - IP Camera Tool)
    iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
    Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
    Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    Lab On Demand Hyper-V VMConnect ActiveX (HKLM\...\{A01F3528-667D-4E03-943A-458631A2C1A4}) (Version: 1.0.3 - Lab On Demand)
    Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
    MarketResearch (Version: 82.0.174.000 - Hewlett-Packard) Hidden
    MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.7 - Dell)
    MediaMonkey 3.2 (HKLM\...\MediaMonkey_is1) (Version: 3.2 - Ventis Media Inc.)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2000 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
    Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.3.216.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 4.0 ENU (HKLM\...\{2F141715-E144-48C0-8562-D193B7AB85BC}) (Version: 4.0.8482.1 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.20.0 - Dell)
    MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Music, Photos & Videos Launcher (HKLM\...\{D7769185-9A7C-48D4-8874-5388743A1DE2}) (Version: 1.00.0000 - Dell Inc.)
    MyMorph (HKLM\...\InstallShield_{0BFCE729-2C99-4D94-944E-4B57878D3576}) (Version: 2.0 - National Library of Medicine)
    MyMorph (Version: 2.0 - National Library of Medicine) Hidden
    NetDeviceManager (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
    Network Magic (HKLM\...\Network MagicUninstall) (Version: 5.5.9195.0 - Cisco Systems, Inc.)
    No-IP DUC (HKLM\...\NoIPDUC) (Version: 4.0.1 - Vitalwerks Internet Solutions LLC)
    OutlookAddinSetup (HKLM\...\{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}) (Version: 1.0.0 - CyberLink)
    PCTV To Go Player 1.7.0.231 (HKLM\...\PCTV To Go Player_is1) (Version: - Pinnacle Systems)
    PCTV To Go Setup Wizard 1.7.0.249 (HKLM\...\PCTV To Go_is1) (Version: - Pinnacle Systems Inc.)
    PD Media Converter (HKLM\...\{CC38C3D1-0359-4308-9DB8-194F8D92B2B6}) (Version: 1.3.5.1314 - Perception Digital)
    PD Media Converter (Version: 1.3.5.1314 - Perception Digital) Hidden
    Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
    Pure Networks Platform (Version: 11.2.09195.1 - Pure Networks) Hidden
    QualxServ Service Agreement (HKLM\...\{0F756CD9-4A1E-409B-B101-601DDC4C03AA}) (Version: 1.11.0000 - Dell Inc.)
    QuickSet (HKLM\...\{0F95AA42-0FF6-4D48-9CA1-64C8D0777500}) (Version: 8.2.14 - Dell Inc.)
    QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    RemoteComms driver (HKLM\...\{43BEEE26-01A8-4EEE-8632-2353261E3B55}) (Version: 1.25.0000 - Oxford Semiconductor)
    Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Rhapsody (HKLM\...\Rhapsody) (Version: - )
    Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
    Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio)
    Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
    Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
    Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
    Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
    Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
    Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.116 - Roxio, Inc.)
    Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
    SA30xx Device Manager (HKLM\...\{289CDCBA-1E82-460A-9DCA-E9FB6BAC1A42}) (Version: 1.1.0.1000 - Philips)
    SA30xx Media Converter (HKLM\...\{1E06D48E-5448-4BCC-9F87-9FB4EBD59898}) (Version: 1.1.4.1006 - Philips)
    SA30xx Media Converter (Version: 1.1.4.1006 - Philips) Hidden
    Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
    Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
    Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
    SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden
    Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
    Status (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1144 - SUPERAntiSpyware.com)
    Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    TradeStation 9.5 (HKLM\...\{E02A3EE0-1193-454C-8E59-BDFCE6EC7B22}) (Version: 9.05.00.2200 - TradeStation Technologies)
    TrayApp (Version: 82.0.188.000 - Hewlett-Packard) Hidden
    UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
    User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version: - )
    VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    WebEx Support Manager for Internet Explorer (HKLM\...\{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}) (Version: 6.5.4917 - WebEx Communications Inc.)
    WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
    Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
    Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
    WinImage (HKLM\...\WinImage) (Version: - )
    Wuala (HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\...\Wuala) (Version: 1.0.367.0 - LaCie)
    Wuala CBFS (HKLM\...\Wuala CBFS) (Version: 3.1.85.0 - LaCie)
    Wuala OverlayIcons (HKLM\...\Wuala OverlayIcons) (Version: 1.0.0.0 - LaCie)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2574564581-2394573384-1249639492-1000_Classes\CLSID\{239C8676-EB42-FB08-5A8C-6CE7720D9355}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2574564581-2394573384-1249639492-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\capndavid2001\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-2574564581-2394573384-1249639492-1000_Classes\CLSID\{E1314F99-1333-FA97-1021-D9CFB4E50AC2}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2574564581-2394573384-1249639492-1000_Classes\CLSID\{FD8C4664-A2D4-97EC-185D-875E454333FE}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    26-06-2015 05:31:18 Scheduled Checkpoint
    27-06-2015 11:57:53 Scheduled Checkpoint
    27-06-2015 20:18:15 Windows Update
    29-06-2015 22:04:38 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 05:23 - 2013-07-18 20:27 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {263D588A-0B9A-43E4-95CB-E0C6A7E91E0A} - System32\Tasks\G2MUploadTask-S-1-5-21-2574564581-2394573384-1249639492-1000 => C:\Users\capndavid2001\AppData\Local\Citrix\GoToMeeting\2856\g2mupload.exe [2015-06-28] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {3EB1B77E-2EE0-415A-9A3B-7B2DCFC668C9} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
    Task: {58FAF5ED-CAFC-4842-ABE8-8BA46B82DD2F} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2574564581-2394573384-1249639492-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
    Task: {59DD9C9E-083B-4A8A-AD23-292638375E14} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-23] (Adobe Systems Incorporated)
    Task: {63BCD8F6-590A-4C5E-9686-A33344E383DE} - System32\Tasks\Driver Support-RTMRules => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe
    Task: {66D46A1E-3ECF-4784-AC81-2E2E8150F72A} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2574564581-2394573384-1249639492-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
    Task: {6EFF99A3-413B-4530-9BB7-05CD9FAFA63F} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2574564581-2394573384-1249639492-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
    Task: {751BC5BF-3D1D-4571-8361-D496E58D5E7E} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe
    Task: {75AC9324-E4AB-4D4D-911A-73003B8DBB6E} - System32\Tasks\G2MUpdateTask-S-1-5-21-2574564581-2394573384-1249639492-1000 => C:\Users\capndavid2001\AppData\Local\Citrix\GoToMeeting\2856\g2mupdate.exe [2015-06-28] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {880F8D13-719F-446A-8A92-BEAA0B5EE719} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-23] (Google Inc.)
    Task: {97F357EC-F9C3-418C-853B-16854415EAE9} - System32\Tasks\{B6D584D7-C8FA-4684-9B1E-2B62DC66A91A} => pcalua.exe -a E:\SetupWizard.exe -d E:\
    Task: {98B744CB-613C-484E-BA27-2D227C40B210} - System32\Tasks\Omrucsuamuf => C:\ProgramData\Omrucsuamuf\1.0.2.1\ucixneje.exe
    Task: {9EE5B25F-CC32-4A24-9453-DA806284C014} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
    Task: {A279B53F-D259-4D2C-ACC2-EE8DB0850E92} - System32\Tasks\Driver Support-RTMScanRunOnce => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe
    Task: {A83781E8-2FEC-4438-9194-4921B5F4BF8F} - System32\Tasks\Driver Support-RTMScan => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe
    Task: {BF64506F-6B36-4A9E-AE05-836119F0EF3C} - System32\Tasks\RegCure Pro => C:\Program Files\ParetoLogic\RegCure Pro\RegCurePro.exe
    Task: {C04F23F5-4511-4C6B-8EFC-C4FB3CD754CE} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2574564581-2394573384-1249639492-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
    Task: {CB9C285A-7CB2-4D94-A603-D9D02BE8DB23} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation)
    Task: {CDF9F078-57E2-4A4E-8FE8-00AE37E6ED6C} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2574564581-2394573384-1249639492-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
    Task: {D9A2D279-B30C-4D05-A496-7CC6FB2FACF5} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2574564581-2394573384-1249639492-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
    Task: {DB99EF5B-2465-44DF-B64E-43B23AA305CA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-23] (Google Inc.)
    Task: {E3A308BE-5827-41F3-9236-EE5B95837B9E} - System32\Tasks\{6B6B5007-3264-469A-80C0-B1990CA1460D} => pcalua.exe -a C:\Windows\System32\igfxcfg.exe -d C:\Windows\system32
    Task: {E9C2FEAD-69DD-4965-AE44-1E03AEFDE5BB} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2574564581-2394573384-1249639492-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
    Task: {F515A68F-E761-4847-B3F1-E27A5F5AAD91} - \ASP No Task File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2574564581-2394573384-1249639492-1000.job => C:\Users\capndavid2001\AppData\Local\Citrix\GoToMeeting\2856\g2mupdate.exe
    Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2574564581-2394573384-1249639492-1000.job => C:\Users\capndavid2001\AppData\Local\Citrix\GoToMeeting\2856\g2mupload.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2006-11-05 11:28 - 2006-11-05 11:28 - 04587520 ____R () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
    2008-01-28 11:15 - 2008-01-28 11:15 - 00073728 _____ () c:\Program Files\MyMorph\Mcmh.dll
    2007-12-08 22:52 - 2007-09-26 05:47 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
    2007-12-08 15:15 - 2007-03-21 14:33 - 00065536 _____ () C:\Windows\System32\bcmwlrmt.dll
    2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
    2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
    2006-12-10 22:51 - 2006-12-10 22:51 - 00065536 ____R () C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
    2006-12-10 22:51 - 2006-12-10 22:51 - 00077824 ____R () C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\...\82 -> 82
    IE trusted site: HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\...\zijasecure.com -> hxxps://shield0.zijasecure.com

    IE restricted site: HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\...\msn.com -> hxxp://www.msn.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\capndavid2001\Pictures\Vic and Me\014.JPG
    DNS Servers: 192.168.1.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [WMP-In-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
    FirewallRules: [WMP-Out-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
    FirewallRules: [WMP-Out-TCP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
    FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [{6962F3C6-3E75-43AC-9D91-6575AA5DDC87}] => (Allow) C:\Program Files\Dell\MediaDirect\PowerCinema.exe
    FirewallRules: [{3443AF16-82CB-4D17-864C-E741B2D169D3}] => (Allow) C:\Program Files\Dell\MediaDirect\PCMService.exe
    FirewallRules: [{F0A6D2FA-0B55-4AA2-9F8F-A5DEFB09137C}] => (Allow) C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe
    FirewallRules: [{5DF6FF92-3BDF-4245-83ED-220A6CFE3001}] => (Allow) C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe
    FirewallRules: [{3587AF70-726A-4DC2-9278-2A23F16E40E9}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe
    FirewallRules: [{0A1E8647-9088-4BE0-8187-4A6D8FF2D805}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe
    FirewallRules: [{9BAF7144-1EBE-4E8C-820C-F7A8169F185E}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe
    FirewallRules: [{AE5A51FC-CFE8-4978-987E-DDB37E29F764}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe
    FirewallRules: [{4B461AF4-AE5E-4B75-8BE1-815B7E594621}] => (Allow) LPort=1778
    FirewallRules: [{963EECB5-8240-423F-8F61-ED2FC837C2F1}] => (Allow) LPort=80
    FirewallRules: [{222AA356-2F05-4AE1-8204-BCF8040F2F43}] => (Allow) LPort=80
    FirewallRules: [{0DF5D023-7649-4BA8-983A-A0935E39D50C}] => (Allow) LPort=80
    FirewallRules: [{61506E02-7A3F-456F-9520-6B1E5880A39D}] => (Allow) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    FirewallRules: [{7B765400-D2D3-4ABF-AA5B-5AAFD7FAB5F7}] => (Allow) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    FirewallRules: [{4244CC59-0E7F-4C93-A4F0-4FF8F18E4C37}] => (Allow) LPort=1778
    FirewallRules: [{04A971EE-6069-49B3-BD85-B10B89C7E24B}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
    FirewallRules: [{757CCDEF-3324-4D46-B4D1-4A9D8CC9C51B}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
    FirewallRules: [{38B4474C-38D3-4BBA-B4A3-A0307B52FB47}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
    FirewallRules: [{CDFEF342-B886-428D-BD89-5DE475D2F593}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
    FirewallRules: [{E2D96D9A-E475-47C3-B2F1-F899B6FBBBB4}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
    FirewallRules: [TCP Query User{7E0072B4-2BE2-4349-98DF-BEDF1521E740}C:\windows\system32\ipcamera.exe] => (Allow) C:\windows\system32\ipcamera.exe
    FirewallRules: [UDP Query User{402288E3-8BBC-4CF6-B034-E49907DBECFE}C:\windows\system32\ipcamera.exe] => (Allow) C:\windows\system32\ipcamera.exe
    FirewallRules: [TCP Query User{2B3ACD0C-15AA-49E0-B61F-38D13C6FDCCA}C:\windows\system32\ipcamera.exe] => (Allow) C:\windows\system32\ipcamera.exe
    FirewallRules: [UDP Query User{07DE54B0-2A8B-4E4B-9376-90614A3836A8}C:\windows\system32\ipcamera.exe] => (Allow) C:\windows\system32\ipcamera.exe
    FirewallRules: [{66C03662-D2D1-4286-B043-6764BF21A575}] => (Allow) C:\Users\capndavid2001\AppData\Local\Temp\7zS6FE5\setup\HPZnui01.exe
    FirewallRules: [{C1374211-A4C0-4668-916E-600D2658DCE9}] => (Allow) C:\Users\capndavid2001\AppData\Local\Temp\7zS6FE5\setup\HPZnui01.exe
    FirewallRules: [{DF8A33EF-F202-46A6-ABEF-0498F18C22CA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{A0037EB3-234A-4050-A634-589340ED0AA8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{6823EA88-64C7-42D0-9933-7BD91FF32A14}] => (Allow) E:\RouterSetup\QISWizard.exe
    FirewallRules: [{FE9E6389-612F-4F34-86C0-0F714FEC3B10}] => (Allow) E:\RouterSetup\QISWizard.exe
    FirewallRules: [{72032D1F-64B3-4351-B977-B4B33078F0EA}] => (Allow) C:\Program Files\ASUS\RT-N66R Wireless Router Utilities\Discovery.exe
    FirewallRules: [{7938BDFC-A3B3-4622-876C-CB78BEA948F4}] => (Allow) C:\Program Files\ASUS\RT-N66R Wireless Router Utilities\Discovery.exe
    FirewallRules: [{F13066B1-DD11-4C02-AE44-BFD517F80B0B}] => (Allow) C:\Program Files\ASUS\RT-N66R Wireless Router Utilities\Rescue.exe
    FirewallRules: [{D9C88C48-E02F-4E08-B8C7-ABC2F05B0839}] => (Allow) C:\Program Files\ASUS\RT-N66R Wireless Router Utilities\Rescue.exe
    FirewallRules: [{976828FB-F910-4E35-92D9-2F42B647F32F}] => (Allow) C:\Program Files\ASUS\RT-N66R Wireless Router Utilities\QISWizard.exe
    FirewallRules: [{62676F7E-5871-41DD-934D-A7C9F52CCE69}] => (Allow) C:\Program Files\ASUS\RT-N66R Wireless Router Utilities\QISWizard.exe
    FirewallRules: [TCP Query User{B5715681-0BB1-420E-A7E4-94C07A85303D}C:\program files\asus\rt-n66r wireless router utilities\discovery.exe] => (Allow) C:\program files\asus\rt-n66r wireless router utilities\discovery.exe
    FirewallRules: [UDP Query User{6C519BAF-E215-4C03-A704-A6817B275FCD}C:\program files\asus\rt-n66r wireless router utilities\discovery.exe] => (Allow) C:\program files\asus\rt-n66r wireless router utilities\discovery.exe
    FirewallRules: [{9556C3F8-CC2C-4157-8D15-964186E58476}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [TCP Query User{69A0CDA6-D08B-49C6-B96E-8EA6180A0057}C:\users\capndavid2001\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\capndavid2001\appdata\local\akamai\netsession_win.exe
    FirewallRules: [UDP Query User{8BBC228B-0AC0-4915-9C2E-8C7E7828524B}C:\users\capndavid2001\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\capndavid2001\appdata\local\akamai\netsession_win.exe
    FirewallRules: [TCP Query User{663DBF95-8538-4F47-A99E-43BAC3E0AFD9}C:\users\capndavid2001\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\capndavid2001\appdata\local\akamai\netsession_win.exe
    FirewallRules: [UDP Query User{FACADA1F-CE8B-4AED-8183-EA9F32EA84C8}C:\users\capndavid2001\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\capndavid2001\appdata\local\akamai\netsession_win.exe
    FirewallRules: [TCP Query User{9467FD51-5A76-48EC-8DF0-993C13495D7C}C:\program files\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre7\bin\jp2launcher.exe
    FirewallRules: [UDP Query User{BA82E10E-E824-41F1-9CFD-56B27923D776}C:\program files\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre7\bin\jp2launcher.exe
    FirewallRules: [TCP Query User{5003A938-E6FC-4D59-82BB-5B10E19E98C4}C:\program files\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre7\bin\jp2launcher.exe
    FirewallRules: [UDP Query User{7F1A60ED-9992-4A32-A18C-670A4FDE5CC8}C:\program files\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre7\bin\jp2launcher.exe
    FirewallRules: [TCP Query User{983FE37D-BC1C-49C9-8C70-92EE4C5D32A3}C:\program files\java\jre1.8.0_25\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\jp2launcher.exe
    FirewallRules: [UDP Query User{C0C9486D-E830-4A33-B11D-A73C155D1840}C:\program files\java\jre1.8.0_25\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\jp2launcher.exe
    FirewallRules: [TCP Query User{2478A5E2-1CF3-4A10-A62C-16179B6B658E}C:\program files\java\jre1.8.0_25\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\jp2launcher.exe
    FirewallRules: [UDP Query User{E7EF8227-63B6-4C3F-BD3D-59BE972B29A8}C:\program files\java\jre1.8.0_25\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\jp2launcher.exe
    FirewallRules: [{108E4BB3-90B5-45C5-B560-C6AF4031111F}] => (Allow) C:\Program Files\iTunes\iTunes.exe

    ==================== Faulty Device Manager Devices =============

    Name: Officejet 7300 series
    Description: Officejet 7300 series
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/30/2015 07:07:28 AM) (Source: ESENT) (EventID: 474) (User: )
    Description: wuaueng.dll (1212) SUS20ClientDataStore: The database page read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 293888000 (0x0000000011846000) (database page wuaueng.dll0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The expected checksum was 6789561512143880192 (0x5e395e3900000000) and the actual checksum was 6789561513924056186 (0x5e395e396a1b547a). The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

    Error: (06/29/2015 07:08:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program mbam.exe version 1.0.2.929 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: 88c
    Start Time: 01d0b2bc50b26a10
    Termination Time: 8

    Error: (06/29/2015 07:07:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 9.0.8112.16561 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: 11e4
    Start Time: 01d0b2bf6c65e860
    Termination Time: 71

    Error: (06/29/2015 06:03:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 9.0.8112.16561 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: a84
    Start Time: 01d0b2bf6d672bc0
    Termination Time: 26

    Error: (06/29/2015 06:02:47 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application iexplore.exe, version 9.0.8112.16561, time stamp 0x539247f9, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000005, fault offset 0x0004690e,
    process id 0x10c0, application start time 0xiexplore.exe0.

    Error: (06/29/2015 05:18:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 9.0.8112.16561 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: 12c0
    Start Time: 01d0b26ea0201c30
    Termination Time: 0

    Error: (06/29/2015 07:05:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program ucixneje.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: 1418
    Start Time: 01d0b208cdd33d80
    Termination Time: 172

    Error: (06/28/2015 06:21:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 9.0.8112.16561 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: 430
    Start Time: 01d0b1f919217320
    Termination Time: 24

    Error: (06/28/2015 03:11:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 9.0.8112.16561 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: 114c
    Start Time: 01d0b0ff25afed60
    Termination Time: 57

    Error: (06/27/2015 00:33:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 9.0.8112.16561 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: 734
    Start Time: 01d0b0ff2daf0be0
    Termination Time: 22


    System errors:
    =============
    Error: (06/30/2015 07:01:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: AT&T Global Network Client Logging Service%%2

    Error: (06/30/2015 07:01:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: AT&T Global Network Client Service%%2

    Error: (06/30/2015 07:01:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: AT&T Network Configuration Service%%2

    Error: (06/30/2015 07:01:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: MCSTRM%%2

    Error: (06/30/2015 07:01:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Dell Wireless WLAN Tray Service%%2

    Error: (06/30/2015 07:01:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Pure Networks Device Discovery Driver%%2

    Error: (06/30/2015 06:57:51 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

    Error: (06/29/2015 06:52:01 AM) (Source: DCOM) (EventID: 10016) (User: capndavid200-PC)
    Description: machine-defaultLocalActivation{682159D9-C321-47CA-B3F1-30E36B2EC8B9}capndavid200-PCcapndavid2001S-1-5-21-2574564581-2394573384-1249639492-1000LocalHost (Using LRPC)

    Error: (06/29/2015 06:52:00 AM) (Source: DCOM) (EventID: 10016) (User: capndavid200-PC)
    Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}capndavid200-PCcapndavid2001S-1-5-21-2574564581-2394573384-1249639492-1000LocalHost (Using LRPC)

    Error: (06/28/2015 08:05:50 PM) (Source: DCOM) (EventID: 10016) (User: capndavid200-PC)
    Description: machine-defaultLocalActivation{682159D9-C321-47CA-B3F1-30E36B2EC8B9}capndavid200-PCcapndavid2001S-1-5-21-2574564581-2394573384-1249639492-1000LocalHost (Using LRPC)


    Microsoft Office:
    =========================
    Error: (06/30/2015 07:07:28 AM) (Source: ESENT) (EventID: 474) (User: )
    Description: wuaueng.dll1212SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\DataStore.edb293888000 (0x0000000011846000)4096 (0x00001000)-1018 (0xfffffc06)6789561512143880192 (0x5e395e3900000000)6789561513924056186 (0x5e395e396a1b547a)71749 (0x11845)

    Error: (06/29/2015 07:08:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: mbam.exe1.0.2.92988c01d0b2bc50b26a108

    Error: (06/29/2015 07:07:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe9.0.8112.1656111e401d0b2bf6c65e86071

    Error: (06/29/2015 06:03:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe9.0.8112.16561a8401d0b2bf6d672bc026

    Error: (06/29/2015 06:02:47 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: iexplore.exe9.0.8112.16561539247f9ntdll.dll6.0.6002.1888151da3e27c00000050004690e10c001d0b2bf300647c0

    Error: (06/29/2015 05:18:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe9.0.8112.1656112c001d0b26ea0201c300

    Error: (06/29/2015 07:05:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: ucixneje.exe1.0.0.0141801d0b208cdd33d80172

    Error: (06/28/2015 06:21:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe9.0.8112.1656143001d0b1f91921732024

    Error: (06/28/2015 03:11:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe9.0.8112.16561114c01d0b0ff25afed6057

    Error: (06/27/2015 00:33:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe9.0.8112.1656173401d0b0ff2daf0be022


    CodeIntegrity Errors:
    ===================================
    Date: 2015-06-30 07:19:01.390
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-06-30 07:19:00.925
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-06-30 07:19:00.456
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-06-30 07:18:59.987
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-06-29 19:36:00.357
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-06-29 19:35:59.876
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-06-29 19:35:59.423
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-06-29 19:35:58.690
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-06-29 19:35:58.221
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-06-29 19:35:57.749
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz
    Percentage of memory in use: 47%
    Total physical RAM: 3061.31 MB
    Available physical RAM: 1616.13 MB
    Total Pagefile: 6324.88 MB
    Available Pagefile: 4907.19 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1900.36 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:136.47 GB) (Free:11.99 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.49 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 10000000)
    Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
    Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
    Partition 3: (Active) - (Size=136.5 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=2.5 GB) - (Type=OF Extended)

    ==================== End of log ============================


    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2015 01
    Ran by capndavid2001 (administrator) on CAPNDAVID200-PC on 30-06-2015 07:18:39
    Running from C:\Users\capndavid2001\Desktop
    Loaded Profiles: capndavid2001 (Available Profiles: capndavid2001)
    Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
    Internet Explorer Version 9 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    (Andrea Electronics Corporation) C:\Windows\System32\AEstSrv.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (WebEx Communications, Inc.) C:\Windows\System32\atashost.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Teruten) C:\Windows\System32\FsUsbExService.Exe
    (Pinnacle Systems Inc.) C:\Program Files\Pinnacle\Drivers\pctvsvc.exe
    (Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    (SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    (IDT, Inc.) C:\Windows\System32\stacsv.exe
    (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.27.5\GoogleCrashHandler.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
    (Dell Inc.) C:\Windows\System32\WLTRAY.EXE
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
    (Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (IDT, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Gteko Ltd.) C:\Program Files\DellSupport\DSAgnt.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    (SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [159744 2007-09-24] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
    HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [1548288 2007-03-21] (Dell Inc.)
    HKLM\...\Run: [PCMService] => C:\Program Files\Dell\MediaDirect\PCMService.exe [184320 2007-04-16] (CyberLink Corp.)
    HKLM\...\Run: [dscactivate] => c:\dell\dsca.exe [16384 2007-07-30] ( )
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
    HKLM\...\Run: [nmctxth] => C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [647216 2009-07-07] (Cisco Systems, Inc.)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [995184 2013-07-18] (Microsoft Corporation)
    HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-09-27] (IDT, Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04] (SUPERAntiSpyware.com)
    HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\...\Run: [DellSupport] => C:\Program Files\DellSupport\DSAgnt.exe [460784 2007-03-15] (Gteko Ltd.)
    HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6714136 2015-06-23] (SUPERAntiSpyware)
    HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\...\Run: [AutoStartNPSAgent] => C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
    HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\...\Run: [DellSupportCenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [198704 2007-07-11] (SupportSoft, Inc.)
    HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
    HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)
    HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-10-02] (Apple Inc.)
    HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
    HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\capndavid2001\AppData\Local\Akamai\netsession_win.exe"
    HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2007-12-08]
    ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-01-08]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2012-03-10]
    ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk [2007-12-08]
    ShortcutTarget: QuickSet.lnk -> C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
    SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
    ShellIconOverlayIdentifiers: [0WualaOverlayIcon1] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll [2011-04-01] (LaCie AG)
    ShellIconOverlayIdentifiers: [0WualaOverlayIcon2] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll [2011-04-01] (LaCie AG)
    ShellIconOverlayIdentifiers: [0WualaOverlayIcon3] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll [2011-04-01] (LaCie AG)
    ShellIconOverlayIdentifiers: [0WualaOverlayIcon4] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll [2011-04-01] (LaCie AG)
    ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2011-01-17] (EldoS Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.duckduckgo
    HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKU\S-1-5-21-2574564581-2394573384-1249639492-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2574564581-2394573384-1249639492-1000 -> {7CCA6552-433F-49F0-BC32-E896736B4338} URL = https://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20141148,20028,0,18,0
    BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\system32\CbFsMntNtf3.dll [2011-01-17] (EldoS Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-10-20] (Oracle Corporation)
    BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll [2006-11-09] (Dell Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-20] (Oracle Corporation)
    DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} https://172.25.75.24/auth/taweb.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jin...ndows-i586.cab
    DPF: {C1CF79A8-3261-4C29-9F6E-7971FE2686A6} https://labondemand.com/ActiveX/VMConnectControl.cab
    DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} https://172.25.75.24/auth/CCALogin.CAB
    DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jin...ndows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jin...ndows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll [2009-07-14] (Cisco Systems, Inc.)
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{25CCCF37-120D-4D4A-8F10-CFEA457F0E33}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{4CAA0F40-D16B-4DC4-A6CB-077BD9F28F0F}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{862AA2AE-2419-4156-A2FC-BE9019C79955}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{E74B8449-7AE7-4041-AC4D-2DD2A6225F2F}: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
    FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Windows\system32\npdeployJava1.dll [2014-10-20] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-20] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-20] (Oracle Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
    FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-02] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-02] (RealNetworks, Inc.)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-23] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-23] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2574564581-2394573384-1249639492-1000: @citrixonline.com/appdetectorplugin -> C:\Users\capndavid2001\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-03-29] (Citrix Online)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-03-10]
    FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-13] (SUPERAntiSpyware.com)
    S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2007-03-19] () [File not signed]
    R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
    R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [585728 2006-12-10] (Hewlett-Packard Co.) [File not signed]
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2013-07-18] (Microsoft Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-07-18] (Microsoft Corporation)
    R2 pctvsvc; C:\Program Files\Pinnacle\PCTV To Go Setup Wizard\..\Drivers\pctvsvc.exe [125952 2007-06-27] (Pinnacle Systems Inc.) [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
    S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]
    R2 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]
    R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [202800 2007-07-11] (SupportSoft, Inc.)
    S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
    S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [1724416 2007-03-21] (Dell Inc.) [File not signed]
    S2 netcfgsvr; "C:\Program Files\AT&T Global Network Client\netcfgsvr.exe" [X]
    S2 NetClientSvc; "C:\Program Files\AT&T Global Network Client\NetClientSvc.exe" [X]
    S2 NetLogSvc; "C:\Program Files\AT&T Global Network Client\NetLogSvc.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 avpnnic; C:\Windows\System32\DRIVERS\avpnnic.sys [11392 2010-02-25] (AT&T) [File not signed]
    R3 BoosterKey; C:\Windows\System32\DRIVERS\pctvkey.sys [16384 2007-06-27] (Pinnacle Systems Inc.)
    R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [275088 2011-01-17] (EldoS Corporation)
    S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
    R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
    R3 havanet; C:\Windows\System32\DRIVERS\pctvnet.sys [14848 2007-06-27] (Pinnacle Systems Inc.)
    R3 HAVATV; C:\Windows\System32\DRIVERS\PCTV.sys [347904 2007-06-27] (Pinnacle Sytems Inc.)
    R3 HavaTV_10; C:\Windows\System32\DRIVERS\PCTV_10.sys [347904 2007-06-27] (Pinnacle Sytems Inc.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
    S3 OXSDIDRV_x32; C:\Windows\System32\DRIVERS\OXSDIDRV_x32.sys [52656 2009-09-28] ()
    S3 PcaSp60; C:\Windows\System32\DRIVERS\PcaSp60.sys [28672 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
    R3 pctvbus; C:\Windows\System32\DRIVERS\pctvbus.sys [25088 2007-06-27] (Pinnacle Systems Inc.)
    R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 sscebus; C:\Windows\System32\DRIVERS\sscebus.sys [98560 2010-04-26] (MCCI Corporation)
    S3 sscemdfl; C:\Windows\System32\DRIVERS\sscemdfl.sys [14848 2010-04-26] (MCCI Corporation)
    S3 sscemdm; C:\Windows\System32\DRIVERS\sscemdm.sys [123648 2010-04-26] (MCCI Corporation)
    S3 swg3kser00; C:\Windows\System32\DRIVERS\swg3kser00.sys [215552 2011-05-13] (Sierra Wireless Incorporated)
    S3 swiwdmbx; C:\Windows\System32\DRIVERS\swiwdmbx.sys [83968 2011-05-16] (Sierra Wireless Inc.)
    S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [26760 2008-08-22] ()
    S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [208128 2011-03-03] (Sierra Wireless Inc.)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
    S3 catchme; \??\C:\Users\CAPNDA~1\AppData\Local\Temp\catchme.sys [X]
    S3 cpuz134; \??\C:\Users\CAPNDA~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S2 MCSTRM; No ImagePath
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S2 pnarp; system32\DRIVERS\pnarp.sys [X]
    S3 SNDMon; system32\DRIVERS\SNDMon.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-30 07:18 - 2015-06-30 07:19 - 00021851 _____ C:\Users\capndavid2001\Desktop\FRST.txt
    2015-06-30 07:17 - 2015-06-30 07:17 - 01636352 _____ (Farbar) C:\Users\capndavid2001\Desktop\FRST.exe
    2015-06-29 17:33 - 2015-06-29 17:33 - 00001251 _____ C:\Users\capndavid2001\Desktop\SUPERAntiSpyware Scan Log - 06-29-2015 - 17-32-37.log
    2015-06-29 17:32 - 2015-06-29 17:32 - 00011002 _____ C:\Users\capndavid2001\Desktop\hijackthis 6_15.log
    2015-06-28 00:15 - 2015-06-30 06:52 - 00000706 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2574564581-2394573384-1249639492-1000.job
    2015-06-23 20:03 - 2015-06-30 06:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-06-23 20:03 - 2015-06-23 20:03 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-06-23 20:03 - 2015-06-23 20:03 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-06-23 18:32 - 2015-06-23 18:32 - 00000000 ____D C:\ProgramData\Radio

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-30 07:18 - 2013-12-18 21:46 - 00000000 ___DC C:\FRST
    2015-06-30 07:14 - 2007-12-08 14:58 - 01110469 _____ C:\Windows\WindowsUpdate.log
    2015-06-30 07:11 - 2013-06-23 10:07 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-06-30 07:06 - 2006-11-02 05:33 - 00759582 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-06-30 07:06 - 2006-11-02 05:23 - 00000275 _____ C:\Windows\win.ini
    2015-06-30 07:03 - 2013-06-23 10:07 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-06-30 07:00 - 2014-07-29 16:14 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
    2015-06-30 07:00 - 2013-12-11 13:47 - 00120526 _____ C:\Windows\PFRO.log
    2015-06-30 07:00 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-06-30 07:00 - 2006-11-02 07:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-06-30 07:00 - 2006-11-02 07:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-06-30 06:58 - 2007-12-08 15:07 - 00000012 _____ C:\Windows\bthservsdp.dat
    2015-06-30 06:58 - 2006-11-02 08:01 - 00032642 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2015-06-30 06:25 - 2014-03-29 11:06 - 00000610 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2574564581-2394573384-1249639492-1000.job
    2015-06-30 06:15 - 2006-11-02 07:37 - 00000000 ____D C:\Windows\Performance
    2015-06-30 06:07 - 2014-09-04 20:35 - 00000000 ____D C:\ProgramData\Browser
    2015-06-29 19:15 - 2014-07-29 16:16 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-06-29 17:36 - 2014-07-29 16:15 - 00000901 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-06-29 17:36 - 2014-07-29 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-06-29 07:04 - 2012-03-08 12:41 - 00066048 _____ C:\Users\capndavid2001\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-06-23 19:18 - 2012-03-08 18:29 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2015-06-23 18:52 - 2014-01-22 22:24 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    2015-06-23 18:51 - 2013-12-13 12:35 - 00000000 ____D C:\Program Files\Common Files\Adobe
    2015-06-23 17:52 - 2013-01-04 23:11 - 00000609 _____ C:\Users\capndavid2001\Desktop\Network Security.txt

    ==================== Files in the root of some directories =======

    2012-03-09 10:55 - 2012-12-22 15:12 - 0870128 _____ () C:\Users\capndavid2001\AppData\Roaming\mcs.rma
    2014-10-07 10:12 - 2014-10-07 10:12 - 0000320 _____ () C:\Users\capndavid2001\AppData\Roaming\SEC3538888.trad
    2012-03-27 20:43 - 2014-03-15 15:35 - 0005864 _____ () C:\Users\capndavid2001\AppData\Local\d3d9caps.dat
    2012-03-08 12:41 - 2015-06-29 07:04 - 0066048 _____ () C:\Users\capndavid2001\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-03-28 15:07 - 2012-11-15 11:31 - 8892928 _____ () C:\ProgramData\atscie.msi
    2010-02-25 13:23 - 2010-02-25 13:23 - 0217942 _____ () C:\ProgramData\DeviceManager.xml.rc4

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-06-30 07:15

    ==================== End of log ============================

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 6/29/2015
    Scan Time: 7:15:48 PM
    Logfile: Malware Log File 6_30_15.txt
    Administrator: Yes

    Version: 2.01.6.1022
    Malware Database: v2015.06.29.06
    Rootkit Database: v2015.06.26.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows Vista Service Pack 2
    CPU: x86
    File System: NTFS
    User: capndavid2001

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 355678
    Time Elapsed: 38 min, 9 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  4. #4

    Here are the two log files you requested. Thanks so much.

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-06-2015 01
    Ran by capndavid2001 at 2015-06-30 07:19:55
    Running from C:\Users\capndavid2001\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2574564581-2394573384-1249639492-500 - Administrator - Disabled)
    capndavid2001 (S-1-5-21-2574564581-2394573384-1249639492-1000 - Administrator - Enabled) => C:\Users\capndavid2001
    Guest (S-1-5-21-2574564581-2394573384-1249639492-501 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
    Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.194 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.14) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
    AIO_CDB_ProductContext (Version: 82.0.242.000 - Hewlett-Packard) Hidden
    AIO_CDB_Software (Version: 82.0.242.000 - Hewlett-Packard) Hidden
    AIO_Scan (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ASUS RT-N66R Wireless Router Utilities (HKLM\...\{9C767081-9DB1-4C02-AB02-0E692CFEDA41}) (Version: 4.2.6.4 - ASUS)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.03 - Broadcom Corporation)
    Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
    BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    Cisco Network Magic (Version: 5.5.09195.0 - Pure Networks) Hidden
    Citrix Online Launcher (HKLM\...\{B025BA0B-64A6-46DE-9D64-32965C83CCA9}) (Version: 1.0.179 - Citrix)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
    ConverterLite 1.6.9.0 (HKLM\...\ConverterLite) (Version: 1.6.9.0 - ConverterLite)
    Copy (Version: 82.0.188.000 - Hewlett-Packard) Hidden
    CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
    Dell Support Center (HKLM\...\{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}) (Version: 1.0.07192 - Dell)
    Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1.102.7 - Alps Electric)
    Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.102.15.61 - Dell Inc.)
    DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3075 - Dell)
    Destinations (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
    DocProc (Version: 8.1.0.0 - Hewlett-Packard) Hidden
    DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Fax (Version: 82.0.188.000 - Hewlett-Packard) Hidden
    FXCM Trading Station (HKLM\...\FXCM Trading Station) (Version: 111313 - )
    FXCM Trading Station (Version: 111313 - FXCM) Hidden
    Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
    GoToMeeting 7.2.1.2856 (HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\...\GoToMeeting) (Version: 7.2.1.2856 - CitrixOnline)
    HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
    HP Customer Participation Program 8.0 (HKLM\...\HPExtendedCapabilities) (Version: 8.0 - HP)
    HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
    HP OCR Software 8.0 (HKLM\...\HPOCR) (Version: 8.0 - HP)
    HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
    HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (HKLM\...\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}) (Version: 8.0 - HP)
    HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
    HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
    HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Hewlett Packard Development Company L.P.)
    iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
    IP Camera Tool (HKLM\...\{0C141E39-BFED-40B3-ADA2-C58A6DC055E5}) (Version: 1.00.0000 - IP Camera Tool)
    iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
    Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
    Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    Lab On Demand Hyper-V VMConnect ActiveX (HKLM\...\{A01F3528-667D-4E03-943A-458631A2C1A4}) (Version: 1.0.3 - Lab On Demand)
    Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
    MarketResearch (Version: 82.0.174.000 - Hewlett-Packard) Hidden
    MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.7 - Dell)
    MediaMonkey 3.2 (HKLM\...\MediaMonkey_is1) (Version: 3.2 - Ventis Media Inc.)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2000 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
    Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.3.216.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 4.0 ENU (HKLM\...\{2F141715-E144-48C0-8562-D193B7AB85BC}) (Version: 4.0.8482.1 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.20.0 - Dell)
    MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Music, Photos & Videos Launcher (HKLM\...\{D7769185-9A7C-48D4-8874-5388743A1DE2}) (Version: 1.00.0000 - Dell Inc.)
    MyMorph (HKLM\...\InstallShield_{0BFCE729-2C99-4D94-944E-4B57878D3576}) (Version: 2.0 - National Library of Medicine)
    MyMorph (Version: 2.0 - National Library of Medicine) Hidden
    NetDeviceManager (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
    Network Magic (HKLM\...\Network MagicUninstall) (Version: 5.5.9195.0 - Cisco Systems, Inc.)
    No-IP DUC (HKLM\...\NoIPDUC) (Version: 4.0.1 - Vitalwerks Internet Solutions LLC)
    OutlookAddinSetup (HKLM\...\{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}) (Version: 1.0.0 - CyberLink)
    PCTV To Go Player 1.7.0.231 (HKLM\...\PCTV To Go Player_is1) (Version: - Pinnacle Systems)
    PCTV To Go Setup Wizard 1.7.0.249 (HKLM\...\PCTV To Go_is1) (Version: - Pinnacle Systems Inc.)
    PD Media Converter (HKLM\...\{CC38C3D1-0359-4308-9DB8-194F8D92B2B6}) (Version: 1.3.5.1314 - Perception Digital)
    PD Media Converter (Version: 1.3.5.1314 - Perception Digital) Hidden
    Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
    Pure Networks Platform (Version: 11.2.09195.1 - Pure Networks) Hidden
    QualxServ Service Agreement (HKLM\...\{0F756CD9-4A1E-409B-B101-601DDC4C03AA}) (Version: 1.11.0000 - Dell Inc.)
    QuickSet (HKLM\...\{0F95AA42-0FF6-4D48-9CA1-64C8D0777500}) (Version: 8.2.14 - Dell Inc.)
    QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    RemoteComms driver (HKLM\...\{43BEEE26-01A8-4EEE-8632-2353261E3B55}) (Version: 1.25.0000 - Oxford Semiconductor)
    Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Rhapsody (HKLM\...\Rhapsody) (Version: - )
    Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
    Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio)
    Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
    Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
    Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
    Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
    Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
    Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.116 - Roxio, Inc.)
    Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
    SA30xx Device Manager (HKLM\...\{289CDCBA-1E82-460A-9DCA-E9FB6BAC1A42}) (Version: 1.1.0.1000 - Philips)
    SA30xx Media Converter (HKLM\...\{1E06D48E-5448-4BCC-9F87-9FB4EBD59898}) (Version: 1.1.4.1006 - Philips)
    SA30xx Media Converter (Version: 1.1.4.1006 - Philips) Hidden
    Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
    Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
    Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
    SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden
    Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
    Status (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1144 - SUPERAntiSpyware.com)
    Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    TradeStation 9.5 (HKLM\...\{E02A3EE0-1193-454C-8E59-BDFCE6EC7B22}) (Version: 9.05.00.2200 - TradeStation Technologies)
    TrayApp (Version: 82.0.188.000 - Hewlett-Packard) Hidden
    UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
    User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version: - )
    VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    WebEx Support Manager for Internet Explorer (HKLM\...\{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}) (Version: 6.5.4917 - WebEx Communications Inc.)
    WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
    Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
    Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
    WinImage (HKLM\...\WinImage) (Version: - )
    Wuala (HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\...\Wuala) (Version: 1.0.367.0 - LaCie)
    Wuala CBFS (HKLM\...\Wuala CBFS) (Version: 3.1.85.0 - LaCie)
    Wuala OverlayIcons (HKLM\...\Wuala OverlayIcons) (Version: 1.0.0.0 - LaCie)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2574564581-2394573384-1249639492-1000_Classes\CLSID\{239C8676-EB42-FB08-5A8C-6CE7720D9355}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2574564581-2394573384-1249639492-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\capndavid2001\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-2574564581-2394573384-1249639492-1000_Classes\CLSID\{E1314F99-1333-FA97-1021-D9CFB4E50AC2}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2574564581-2394573384-1249639492-1000_Classes\CLSID\{FD8C4664-A2D4-97EC-185D-875E454333FE}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    26-06-2015 05:31:18 Scheduled Checkpoint
    27-06-2015 11:57:53 Scheduled Checkpoint
    27-06-2015 20:18:15 Windows Update
    29-06-2015 22:04:38 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 05:23 - 2013-07-18 20:27 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {263D588A-0B9A-43E4-95CB-E0C6A7E91E0A} - System32\Tasks\G2MUploadTask-S-1-5-21-2574564581-2394573384-1249639492-1000 => C:\Users\capndavid2001\AppData\Local\Citrix\GoToMeeting\2856\g2mupload.exe [2015-06-28] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {3EB1B77E-2EE0-415A-9A3B-7B2DCFC668C9} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
    Task: {58FAF5ED-CAFC-4842-ABE8-8BA46B82DD2F} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2574564581-2394573384-1249639492-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
    Task: {59DD9C9E-083B-4A8A-AD23-292638375E14} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-23] (Adobe Systems Incorporated)
    Task: {63BCD8F6-590A-4C5E-9686-A33344E383DE} - System32\Tasks\Driver Support-RTMRules => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe
    Task: {66D46A1E-3ECF-4784-AC81-2E2E8150F72A} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2574564581-2394573384-1249639492-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
    Task: {6EFF99A3-413B-4530-9BB7-05CD9FAFA63F} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2574564581-2394573384-1249639492-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
    Task: {751BC5BF-3D1D-4571-8361-D496E58D5E7E} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe
    Task: {75AC9324-E4AB-4D4D-911A-73003B8DBB6E} - System32\Tasks\G2MUpdateTask-S-1-5-21-2574564581-2394573384-1249639492-1000 => C:\Users\capndavid2001\AppData\Local\Citrix\GoToMeeting\2856\g2mupdate.exe [2015-06-28] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {880F8D13-719F-446A-8A92-BEAA0B5EE719} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-23] (Google Inc.)
    Task: {97F357EC-F9C3-418C-853B-16854415EAE9} - System32\Tasks\{B6D584D7-C8FA-4684-9B1E-2B62DC66A91A} => pcalua.exe -a E:\SetupWizard.exe -d E:\
    Task: {98B744CB-613C-484E-BA27-2D227C40B210} - System32\Tasks\Omrucsuamuf => C:\ProgramData\Omrucsuamuf\1.0.2.1\ucixneje.exe
    Task: {9EE5B25F-CC32-4A24-9453-DA806284C014} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
    Task: {A279B53F-D259-4D2C-ACC2-EE8DB0850E92} - System32\Tasks\Driver Support-RTMScanRunOnce => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe
    Task: {A83781E8-2FEC-4438-9194-4921B5F4BF8F} - System32\Tasks\Driver Support-RTMScan => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe
    Task: {BF64506F-6B36-4A9E-AE05-836119F0EF3C} - System32\Tasks\RegCure Pro => C:\Program Files\ParetoLogic\RegCure Pro\RegCurePro.exe
    Task: {C04F23F5-4511-4C6B-8EFC-C4FB3CD754CE} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2574564581-2394573384-1249639492-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
    Task: {CB9C285A-7CB2-4D94-A603-D9D02BE8DB23} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation)
    Task: {CDF9F078-57E2-4A4E-8FE8-00AE37E6ED6C} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2574564581-2394573384-1249639492-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
    Task: {D9A2D279-B30C-4D05-A496-7CC6FB2FACF5} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2574564581-2394573384-1249639492-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
    Task: {DB99EF5B-2465-44DF-B64E-43B23AA305CA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-23] (Google Inc.)
    Task: {E3A308BE-5827-41F3-9236-EE5B95837B9E} - System32\Tasks\{6B6B5007-3264-469A-80C0-B1990CA1460D} => pcalua.exe -a C:\Windows\System32\igfxcfg.exe -d C:\Windows\system32
    Task: {E9C2FEAD-69DD-4965-AE44-1E03AEFDE5BB} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2574564581-2394573384-1249639492-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
    Task: {F515A68F-E761-4847-B3F1-E27A5F5AAD91} - \ASP No Task File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2574564581-2394573384-1249639492-1000.job => C:\Users\capndavid2001\AppData\Local\Citrix\GoToMeeting\2856\g2mupdate.exe
    Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2574564581-2394573384-1249639492-1000.job => C:\Users\capndavid2001\AppData\Local\Citrix\GoToMeeting\2856\g2mupload.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2006-11-05 11:28 - 2006-11-05 11:28 - 04587520 ____R () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
    2008-01-28 11:15 - 2008-01-28 11:15 - 00073728 _____ () c:\Program Files\MyMorph\Mcmh.dll
    2007-12-08 22:52 - 2007-09-26 05:47 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
    2007-12-08 15:15 - 2007-03-21 14:33 - 00065536 _____ () C:\Windows\System32\bcmwlrmt.dll
    2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
    2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
    2006-12-10 22:51 - 2006-12-10 22:51 - 00065536 ____R () C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
    2006-12-10 22:51 - 2006-12-10 22:51 - 00077824 ____R () C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\...\82 -> 82
    IE trusted site: HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\...\zijasecure.com -> hxxps://shield0.zijasecure.com

    IE restricted site: HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\...\msn.com -> hxxp://www.msn.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\capndavid2001\Pictures\Vic and Me\014.JPG
    DNS Servers: 192.168.1.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [WMP-In-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
    FirewallRules: [WMP-Out-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
    FirewallRules: [WMP-Out-TCP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
    FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [{6962F3C6-3E75-43AC-9D91-6575AA5DDC87}] => (Allow) C:\Program Files\Dell\MediaDirect\PowerCinema.exe
    FirewallRules: [{3443AF16-82CB-4D17-864C-E741B2D169D3}] => (Allow) C:\Program Files\Dell\MediaDirect\PCMService.exe
    FirewallRules: [{F0A6D2FA-0B55-4AA2-9F8F-A5DEFB09137C}] => (Allow) C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe
    FirewallRules: [{5DF6FF92-3BDF-4245-83ED-220A6CFE3001}] => (Allow) C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe
    FirewallRules: [{3587AF70-726A-4DC2-9278-2A23F16E40E9}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe
    FirewallRules: [{0A1E8647-9088-4BE0-8187-4A6D8FF2D805}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe
    FirewallRules: [{9BAF7144-1EBE-4E8C-820C-F7A8169F185E}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe
    FirewallRules: [{AE5A51FC-CFE8-4978-987E-DDB37E29F764}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe
    FirewallRules: [{4B461AF4-AE5E-4B75-8BE1-815B7E594621}] => (Allow) LPort=1778
    FirewallRules: [{963EECB5-8240-423F-8F61-ED2FC837C2F1}] => (Allow) LPort=80
    FirewallRules: [{222AA356-2F05-4AE1-8204-BCF8040F2F43}] => (Allow) LPort=80
    FirewallRules: [{0DF5D023-7649-4BA8-983A-A0935E39D50C}] => (Allow) LPort=80
    FirewallRules: [{61506E02-7A3F-456F-9520-6B1E5880A39D}] => (Allow) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    FirewallRules: [{7B765400-D2D3-4ABF-AA5B-5AAFD7FAB5F7}] => (Allow) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    FirewallRules: [{4244CC59-0E7F-4C93-A4F0-4FF8F18E4C37}] => (Allow) LPort=1778
    FirewallRules: [{04A971EE-6069-49B3-BD85-B10B89C7E24B}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
    FirewallRules: [{757CCDEF-3324-4D46-B4D1-4A9D8CC9C51B}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
    FirewallRules: [{38B4474C-38D3-4BBA-B4A3-A0307B52FB47}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
    FirewallRules: [{CDFEF342-B886-428D-BD89-5DE475D2F593}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
    FirewallRules: [{E2D96D9A-E475-47C3-B2F1-F899B6FBBBB4}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
    FirewallRules: [TCP Query User{7E0072B4-2BE2-4349-98DF-BEDF1521E740}C:\windows\system32\ipcamera.exe] => (Allow) C:\windows\system32\ipcamera.exe
    FirewallRules: [UDP Query User{402288E3-8BBC-4CF6-B034-E49907DBECFE}C:\windows\system32\ipcamera.exe] => (Allow) C:\windows\system32\ipcamera.exe
    FirewallRules: [TCP Query User{2B3ACD0C-15AA-49E0-B61F-38D13C6FDCCA}C:\windows\system32\ipcamera.exe] => (Allow) C:\windows\system32\ipcamera.exe
    FirewallRules: [UDP Query User{07DE54B0-2A8B-4E4B-9376-90614A3836A8}C:\windows\system32\ipcamera.exe] => (Allow) C:\windows\system32\ipcamera.exe
    FirewallRules: [{66C03662-D2D1-4286-B043-6764BF21A575}] => (Allow) C:\Users\capndavid2001\AppData\Local\Temp\7zS6FE5\setup\HPZnui01.exe
    FirewallRules: [{C1374211-A4C0-4668-916E-600D2658DCE9}] => (Allow) C:\Users\capndavid2001\AppData\Local\Temp\7zS6FE5\setup\HPZnui01.exe
    FirewallRules: [{DF8A33EF-F202-46A6-ABEF-0498F18C22CA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{A0037EB3-234A-4050-A634-589340ED0AA8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{6823EA88-64C7-42D0-9933-7BD91FF32A14}] => (Allow) E:\RouterSetup\QISWizard.exe
    FirewallRules: [{FE9E6389-612F-4F34-86C0-0F714FEC3B10}] => (Allow) E:\RouterSetup\QISWizard.exe
    FirewallRules: [{72032D1F-64B3-4351-B977-B4B33078F0EA}] => (Allow) C:\Program Files\ASUS\RT-N66R Wireless Router Utilities\Discovery.exe
    FirewallRules: [{7938BDFC-A3B3-4622-876C-CB78BEA948F4}] => (Allow) C:\Program Files\ASUS\RT-N66R Wireless Router Utilities\Discovery.exe
    FirewallRules: [{F13066B1-DD11-4C02-AE44-BFD517F80B0B}] => (Allow) C:\Program Files\ASUS\RT-N66R Wireless Router Utilities\Rescue.exe
    FirewallRules: [{D9C88C48-E02F-4E08-B8C7-ABC2F05B0839}] => (Allow) C:\Program Files\ASUS\RT-N66R Wireless Router Utilities\Rescue.exe
    FirewallRules: [{976828FB-F910-4E35-92D9-2F42B647F32F}] => (Allow) C:\Program Files\ASUS\RT-N66R Wireless Router Utilities\QISWizard.exe
    FirewallRules: [{62676F7E-5871-41DD-934D-A7C9F52CCE69}] => (Allow) C:\Program Files\ASUS\RT-N66R Wireless Router Utilities\QISWizard.exe
    FirewallRules: [TCP Query User{B5715681-0BB1-420E-A7E4-94C07A85303D}C:\program files\asus\rt-n66r wireless router utilities\discovery.exe] => (Allow) C:\program files\asus\rt-n66r wireless router utilities\discovery.exe
    FirewallRules: [UDP Query User{6C519BAF-E215-4C03-A704-A6817B275FCD}C:\program files\asus\rt-n66r wireless router utilities\discovery.exe] => (Allow) C:\program files\asus\rt-n66r wireless router utilities\discovery.exe
    FirewallRules: [{9556C3F8-CC2C-4157-8D15-964186E58476}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [TCP Query User{69A0CDA6-D08B-49C6-B96E-8EA6180A0057}C:\users\capndavid2001\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\capndavid2001\appdata\local\akamai\netsession_win.exe
    FirewallRules: [UDP Query User{8BBC228B-0AC0-4915-9C2E-8C7E7828524B}C:\users\capndavid2001\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\capndavid2001\appdata\local\akamai\netsession_win.exe
    FirewallRules: [TCP Query User{663DBF95-8538-4F47-A99E-43BAC3E0AFD9}C:\users\capndavid2001\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\capndavid2001\appdata\local\akamai\netsession_win.exe
    FirewallRules: [UDP Query User{FACADA1F-CE8B-4AED-8183-EA9F32EA84C8}C:\users\capndavid2001\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\capndavid2001\appdata\local\akamai\netsession_win.exe
    FirewallRules: [TCP Query User{9467FD51-5A76-48EC-8DF0-993C13495D7C}C:\program files\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre7\bin\jp2launcher.exe
    FirewallRules: [UDP Query User{BA82E10E-E824-41F1-9CFD-56B27923D776}C:\program files\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre7\bin\jp2launcher.exe
    FirewallRules: [TCP Query User{5003A938-E6FC-4D59-82BB-5B10E19E98C4}C:\program files\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre7\bin\jp2launcher.exe
    FirewallRules: [UDP Query User{7F1A60ED-9992-4A32-A18C-670A4FDE5CC8}C:\program files\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre7\bin\jp2launcher.exe
    FirewallRules: [TCP Query User{983FE37D-BC1C-49C9-8C70-92EE4C5D32A3}C:\program files\java\jre1.8.0_25\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\jp2launcher.exe
    FirewallRules: [UDP Query User{C0C9486D-E830-4A33-B11D-A73C155D1840}C:\program files\java\jre1.8.0_25\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\jp2launcher.exe
    FirewallRules: [TCP Query User{2478A5E2-1CF3-4A10-A62C-16179B6B658E}C:\program files\java\jre1.8.0_25\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\jp2launcher.exe
    FirewallRules: [UDP Query User{E7EF8227-63B6-4C3F-BD3D-59BE972B29A8}C:\program files\java\jre1.8.0_25\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\jp2launcher.exe
    FirewallRules: [{108E4BB3-90B5-45C5-B560-C6AF4031111F}] => (Allow) C:\Program Files\iTunes\iTunes.exe

    ==================== Faulty Device Manager Devices =============

    Name: Officejet 7300 series
    Description: Officejet 7300 series
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/30/2015 07:07:28 AM) (Source: ESENT) (EventID: 474) (User: )
    Description: wuaueng.dll (1212) SUS20ClientDataStore: The database page read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 293888000 (0x0000000011846000) (database page wuaueng.dll0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The expected checksum was 6789561512143880192 (0x5e395e3900000000) and the actual checksum was 6789561513924056186 (0x5e395e396a1b547a). The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

    Error: (06/29/2015 07:08:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program mbam.exe version 1.0.2.929 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: 88c
    Start Time: 01d0b2bc50b26a10
    Termination Time: 8

    Error: (06/29/2015 07:07:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 9.0.8112.16561 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: 11e4
    Start Time: 01d0b2bf6c65e860
    Termination Time: 71

    Error: (06/29/2015 06:03:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 9.0.8112.16561 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: a84
    Start Time: 01d0b2bf6d672bc0
    Termination Time: 26

    Error: (06/29/2015 06:02:47 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application iexplore.exe, version 9.0.8112.16561, time stamp 0x539247f9, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000005, fault offset 0x0004690e,
    process id 0x10c0, application start time 0xiexplore.exe0.

    Error: (06/29/2015 05:18:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 9.0.8112.16561 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: 12c0
    Start Time: 01d0b26ea0201c30
    Termination Time: 0

    Error: (06/29/2015 07:05:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program ucixneje.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: 1418
    Start Time: 01d0b208cdd33d80
    Termination Time: 172

    Error: (06/28/2015 06:21:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 9.0.8112.16561 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: 430
    Start Time: 01d0b1f919217320
    Termination Time: 24

    Error: (06/28/2015 03:11:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 9.0.8112.16561 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: 114c
    Start Time: 01d0b0ff25afed60
    Termination Time: 57

    Error: (06/27/2015 00:33:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 9.0.8112.16561 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: 734
    Start Time: 01d0b0ff2daf0be0
    Termination Time: 22


    System errors:
    =============
    Error: (06/30/2015 07:01:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: AT&T Global Network Client Logging Service%%2

    Error: (06/30/2015 07:01:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: AT&T Global Network Client Service%%2

    Error: (06/30/2015 07:01:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: AT&T Network Configuration Service%%2

    Error: (06/30/2015 07:01:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: MCSTRM%%2

    Error: (06/30/2015 07:01:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Dell Wireless WLAN Tray Service%%2

    Error: (06/30/2015 07:01:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Pure Networks Device Discovery Driver%%2

    Error: (06/30/2015 06:57:51 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

    Error: (06/29/2015 06:52:01 AM) (Source: DCOM) (EventID: 10016) (User: capndavid200-PC)
    Description: machine-defaultLocalActivation{682159D9-C321-47CA-B3F1-30E36B2EC8B9}capndavid200-PCcapndavid2001S-1-5-21-2574564581-2394573384-1249639492-1000LocalHost (Using LRPC)

    Error: (06/29/2015 06:52:00 AM) (Source: DCOM) (EventID: 10016) (User: capndavid200-PC)
    Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}capndavid200-PCcapndavid2001S-1-5-21-2574564581-2394573384-1249639492-1000LocalHost (Using LRPC)

    Error: (06/28/2015 08:05:50 PM) (Source: DCOM) (EventID: 10016) (User: capndavid200-PC)
    Description: machine-defaultLocalActivation{682159D9-C321-47CA-B3F1-30E36B2EC8B9}capndavid200-PCcapndavid2001S-1-5-21-2574564581-2394573384-1249639492-1000LocalHost (Using LRPC)


    Microsoft Office:
    =========================
    Error: (06/30/2015 07:07:28 AM) (Source: ESENT) (EventID: 474) (User: )
    Description: wuaueng.dll1212SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\DataStore.edb293888000 (0x0000000011846000)4096 (0x00001000)-1018 (0xfffffc06)6789561512143880192 (0x5e395e3900000000)6789561513924056186 (0x5e395e396a1b547a)71749 (0x11845)

    Error: (06/29/2015 07:08:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: mbam.exe1.0.2.92988c01d0b2bc50b26a108

    Error: (06/29/2015 07:07:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe9.0.8112.1656111e401d0b2bf6c65e86071

    Error: (06/29/2015 06:03:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe9.0.8112.16561a8401d0b2bf6d672bc026

    Error: (06/29/2015 06:02:47 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: iexplore.exe9.0.8112.16561539247f9ntdll.dll6.0.6002.1888151da3e27c00000050004690e10c001d0b2bf300647c0

    Error: (06/29/2015 05:18:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe9.0.8112.1656112c001d0b26ea0201c300

    Error: (06/29/2015 07:05:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: ucixneje.exe1.0.0.0141801d0b208cdd33d80172

    Error: (06/28/2015 06:21:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe9.0.8112.1656143001d0b1f91921732024

    Error: (06/28/2015 03:11:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe9.0.8112.16561114c01d0b0ff25afed6057

    Error: (06/27/2015 00:33:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe9.0.8112.1656173401d0b0ff2daf0be022


    CodeIntegrity Errors:
    ===================================
    Date: 2015-06-30 07:19:01.390
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-06-30 07:19:00.925
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-06-30 07:19:00.456
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-06-30 07:18:59.987
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-06-29 19:36:00.357
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-06-29 19:35:59.876
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-06-29 19:35:59.423
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-06-29 19:35:58.690
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-06-29 19:35:58.221
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-06-29 19:35:57.749
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz
    Percentage of memory in use: 47%
    Total physical RAM: 3061.31 MB
    Available physical RAM: 1616.13 MB
    Total Pagefile: 6324.88 MB
    Available Pagefile: 4907.19 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1900.36 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:136.47 GB) (Free:11.99 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.49 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 10000000)
    Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
    Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
    Partition 3: (Active) - (Size=136.5 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=2.5 GB) - (Type=OF Extended)

    ==================== End of log ============================


    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2015 01
    Ran by capndavid2001 (administrator) on CAPNDAVID200-PC on 30-06-2015 07:18:39
    Running from C:\Users\capndavid2001\Desktop
    Loaded Profiles: capndavid2001 (Available Profiles: capndavid2001)
    Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
    Internet Explorer Version 9 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    (Andrea Electronics Corporation) C:\Windows\System32\AEstSrv.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (WebEx Communications, Inc.) C:\Windows\System32\atashost.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Teruten) C:\Windows\System32\FsUsbExService.Exe
    (Pinnacle Systems Inc.) C:\Program Files\Pinnacle\Drivers\pctvsvc.exe
    (Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    (SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    (IDT, Inc.) C:\Windows\System32\stacsv.exe
    (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.27.5\GoogleCrashHandler.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
    (Dell Inc.) C:\Windows\System32\WLTRAY.EXE
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
    (Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (IDT, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Gteko Ltd.) C:\Program Files\DellSupport\DSAgnt.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    (SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [159744 2007-09-24] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
    HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [1548288 2007-03-21] (Dell Inc.)
    HKLM\...\Run: [PCMService] => C:\Program Files\Dell\MediaDirect\PCMService.exe [184320 2007-04-16] (CyberLink Corp.)
    HKLM\...\Run: [dscactivate] => c:\dell\dsca.exe [16384 2007-07-30] ( )
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
    HKLM\...\Run: [nmctxth] => C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [647216 2009-07-07] (Cisco Systems, Inc.)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [995184 2013-07-18] (Microsoft Corporation)
    HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-09-27] (IDT, Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04] (SUPERAntiSpyware.com)
    HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\...\Run: [DellSupport] => C:\Program Files\DellSupport\DSAgnt.exe [460784 2007-03-15] (Gteko Ltd.)
    HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6714136 2015-06-23] (SUPERAntiSpyware)
    HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\...\Run: [AutoStartNPSAgent] => C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
    HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\...\Run: [DellSupportCenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [198704 2007-07-11] (SupportSoft, Inc.)
    HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
    HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)
    HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-10-02] (Apple Inc.)
    HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
    HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\capndavid2001\AppData\Local\Akamai\netsession_win.exe"
    HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2007-12-08]
    ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-01-08]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2012-03-10]
    ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk [2007-12-08]
    ShortcutTarget: QuickSet.lnk -> C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
    SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
    ShellIconOverlayIdentifiers: [0WualaOverlayIcon1] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll [2011-04-01] (LaCie AG)
    ShellIconOverlayIdentifiers: [0WualaOverlayIcon2] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll [2011-04-01] (LaCie AG)
    ShellIconOverlayIdentifiers: [0WualaOverlayIcon3] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll [2011-04-01] (LaCie AG)
    ShellIconOverlayIdentifiers: [0WualaOverlayIcon4] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll [2011-04-01] (LaCie AG)
    ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2011-01-17] (EldoS Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.duckduckgo
    HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKU\S-1-5-21-2574564581-2394573384-1249639492-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2574564581-2394573384-1249639492-1000 -> {7CCA6552-433F-49F0-BC32-E896736B4338} URL = https://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20141148,20028,0,18,0
    BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\system32\CbFsMntNtf3.dll [2011-01-17] (EldoS Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-10-20] (Oracle Corporation)
    BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll [2006-11-09] (Dell Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-20] (Oracle Corporation)
    DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} https://172.25.75.24/auth/taweb.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jin...ndows-i586.cab
    DPF: {C1CF79A8-3261-4C29-9F6E-7971FE2686A6} https://labondemand.com/ActiveX/VMConnectControl.cab
    DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} https://172.25.75.24/auth/CCALogin.CAB
    DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jin...ndows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jin...ndows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll [2009-07-14] (Cisco Systems, Inc.)
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{25CCCF37-120D-4D4A-8F10-CFEA457F0E33}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{4CAA0F40-D16B-4DC4-A6CB-077BD9F28F0F}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{862AA2AE-2419-4156-A2FC-BE9019C79955}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{E74B8449-7AE7-4041-AC4D-2DD2A6225F2F}: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
    FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Windows\system32\npdeployJava1.dll [2014-10-20] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-20] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-20] (Oracle Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
    FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-02] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-02] (RealNetworks, Inc.)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-23] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-23] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2574564581-2394573384-1249639492-1000: @citrixonline.com/appdetectorplugin -> C:\Users\capndavid2001\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-03-29] (Citrix Online)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-03-10]
    FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-13] (SUPERAntiSpyware.com)
    S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2007-03-19] () [File not signed]
    R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
    R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [585728 2006-12-10] (Hewlett-Packard Co.) [File not signed]
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2013-07-18] (Microsoft Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-07-18] (Microsoft Corporation)
    R2 pctvsvc; C:\Program Files\Pinnacle\PCTV To Go Setup Wizard\..\Drivers\pctvsvc.exe [125952 2007-06-27] (Pinnacle Systems Inc.) [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
    S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]
    R2 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]
    R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [202800 2007-07-11] (SupportSoft, Inc.)
    S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
    S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [1724416 2007-03-21] (Dell Inc.) [File not signed]
    S2 netcfgsvr; "C:\Program Files\AT&T Global Network Client\netcfgsvr.exe" [X]
    S2 NetClientSvc; "C:\Program Files\AT&T Global Network Client\NetClientSvc.exe" [X]
    S2 NetLogSvc; "C:\Program Files\AT&T Global Network Client\NetLogSvc.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 avpnnic; C:\Windows\System32\DRIVERS\avpnnic.sys [11392 2010-02-25] (AT&T) [File not signed]
    R3 BoosterKey; C:\Windows\System32\DRIVERS\pctvkey.sys [16384 2007-06-27] (Pinnacle Systems Inc.)
    R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [275088 2011-01-17] (EldoS Corporation)
    S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
    R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
    R3 havanet; C:\Windows\System32\DRIVERS\pctvnet.sys [14848 2007-06-27] (Pinnacle Systems Inc.)
    R3 HAVATV; C:\Windows\System32\DRIVERS\PCTV.sys [347904 2007-06-27] (Pinnacle Sytems Inc.)
    R3 HavaTV_10; C:\Windows\System32\DRIVERS\PCTV_10.sys [347904 2007-06-27] (Pinnacle Sytems Inc.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
    S3 OXSDIDRV_x32; C:\Windows\System32\DRIVERS\OXSDIDRV_x32.sys [52656 2009-09-28] ()
    S3 PcaSp60; C:\Windows\System32\DRIVERS\PcaSp60.sys [28672 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
    R3 pctvbus; C:\Windows\System32\DRIVERS\pctvbus.sys [25088 2007-06-27] (Pinnacle Systems Inc.)
    R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 sscebus; C:\Windows\System32\DRIVERS\sscebus.sys [98560 2010-04-26] (MCCI Corporation)
    S3 sscemdfl; C:\Windows\System32\DRIVERS\sscemdfl.sys [14848 2010-04-26] (MCCI Corporation)
    S3 sscemdm; C:\Windows\System32\DRIVERS\sscemdm.sys [123648 2010-04-26] (MCCI Corporation)
    S3 swg3kser00; C:\Windows\System32\DRIVERS\swg3kser00.sys [215552 2011-05-13] (Sierra Wireless Incorporated)
    S3 swiwdmbx; C:\Windows\System32\DRIVERS\swiwdmbx.sys [83968 2011-05-16] (Sierra Wireless Inc.)
    S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [26760 2008-08-22] ()
    S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [208128 2011-03-03] (Sierra Wireless Inc.)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
    S3 catchme; \??\C:\Users\CAPNDA~1\AppData\Local\Temp\catchme.sys [X]
    S3 cpuz134; \??\C:\Users\CAPNDA~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S2 MCSTRM; No ImagePath
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S2 pnarp; system32\DRIVERS\pnarp.sys [X]
    S3 SNDMon; system32\DRIVERS\SNDMon.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-30 07:18 - 2015-06-30 07:19 - 00021851 _____ C:\Users\capndavid2001\Desktop\FRST.txt
    2015-06-30 07:17 - 2015-06-30 07:17 - 01636352 _____ (Farbar) C:\Users\capndavid2001\Desktop\FRST.exe
    2015-06-29 17:33 - 2015-06-29 17:33 - 00001251 _____ C:\Users\capndavid2001\Desktop\SUPERAntiSpyware Scan Log - 06-29-2015 - 17-32-37.log
    2015-06-29 17:32 - 2015-06-29 17:32 - 00011002 _____ C:\Users\capndavid2001\Desktop\hijackthis 6_15.log
    2015-06-28 00:15 - 2015-06-30 06:52 - 00000706 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2574564581-2394573384-1249639492-1000.job
    2015-06-23 20:03 - 2015-06-30 06:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-06-23 20:03 - 2015-06-23 20:03 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-06-23 20:03 - 2015-06-23 20:03 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-06-23 18:32 - 2015-06-23 18:32 - 00000000 ____D C:\ProgramData\Radio

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-30 07:18 - 2013-12-18 21:46 - 00000000 ___DC C:\FRST
    2015-06-30 07:14 - 2007-12-08 14:58 - 01110469 _____ C:\Windows\WindowsUpdate.log
    2015-06-30 07:11 - 2013-06-23 10:07 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-06-30 07:06 - 2006-11-02 05:33 - 00759582 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-06-30 07:06 - 2006-11-02 05:23 - 00000275 _____ C:\Windows\win.ini
    2015-06-30 07:03 - 2013-06-23 10:07 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-06-30 07:00 - 2014-07-29 16:14 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
    2015-06-30 07:00 - 2013-12-11 13:47 - 00120526 _____ C:\Windows\PFRO.log
    2015-06-30 07:00 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-06-30 07:00 - 2006-11-02 07:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-06-30 07:00 - 2006-11-02 07:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-06-30 06:58 - 2007-12-08 15:07 - 00000012 _____ C:\Windows\bthservsdp.dat
    2015-06-30 06:58 - 2006-11-02 08:01 - 00032642 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2015-06-30 06:25 - 2014-03-29 11:06 - 00000610 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2574564581-2394573384-1249639492-1000.job
    2015-06-30 06:15 - 2006-11-02 07:37 - 00000000 ____D C:\Windows\Performance
    2015-06-30 06:07 - 2014-09-04 20:35 - 00000000 ____D C:\ProgramData\Browser
    2015-06-29 19:15 - 2014-07-29 16:16 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-06-29 17:36 - 2014-07-29 16:15 - 00000901 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-06-29 17:36 - 2014-07-29 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-06-29 07:04 - 2012-03-08 12:41 - 00066048 _____ C:\Users\capndavid2001\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-06-23 19:18 - 2012-03-08 18:29 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2015-06-23 18:52 - 2014-01-22 22:24 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    2015-06-23 18:51 - 2013-12-13 12:35 - 00000000 ____D C:\Program Files\Common Files\Adobe
    2015-06-23 17:52 - 2013-01-04 23:11 - 00000609 _____ C:\Users\capndavid2001\Desktop\Network Security.txt

    ==================== Files in the root of some directories =======

    2012-03-09 10:55 - 2012-12-22 15:12 - 0870128 _____ () C:\Users\capndavid2001\AppData\Roaming\mcs.rma
    2014-10-07 10:12 - 2014-10-07 10:12 - 0000320 _____ () C:\Users\capndavid2001\AppData\Roaming\SEC3538888.trad
    2012-03-27 20:43 - 2014-03-15 15:35 - 0005864 _____ () C:\Users\capndavid2001\AppData\Local\d3d9caps.dat
    2012-03-08 12:41 - 2015-06-29 07:04 - 0066048 _____ () C:\Users\capndavid2001\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-03-28 15:07 - 2012-11-15 11:31 - 8892928 _____ () C:\ProgramData\atscie.msi
    2010-02-25 13:23 - 2010-02-25 13:23 - 0217942 _____ () C:\ProgramData\DeviceManager.xml.rc4

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-06-30 07:15

    ==================== End of log ============================

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 6/29/2015
    Scan Time: 7:15:48 PM
    Logfile: Malware Log File 6_30_15.txt
    Administrator: Yes

    Version: 2.01.6.1022
    Malware Database: v2015.06.29.06
    Rootkit Database: v2015.06.26.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows Vista Service Pack 2
    CPU: x86
    File System: NTFS
    User: capndavid2001

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 355678
    Time Elapsed: 38 min, 9 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  5. #5
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    A few items to fix

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Open notepad (Start =>All Programs => Accessories => Notepad).
    Copy/Paste the contents of the code box below into Notepad.

    Code:
    start
    CloseProcesses:
    CreateRestorePoint:
    Task: {98B744CB-613C-484E-BA27-2D227C40B210} - System32\Tasks\Omrucsuamuf => C:\ProgramData\Omrucsuamuf\1.0.2.1\ucixneje.exe
    Task: {BF64506F-6B36-4A9E-AE05-836119F0EF3C} - System32\Tasks\RegCure Pro => C:\Program Files\ParetoLogic\RegCure Pro\RegCurePro.exe
    C:\Program Files\ParetoLogic\RegCure Pro
    Task: {F515A68F-E761-4847-B3F1-E27A5F5AAD91} - \ASP No Task File <==== ATTENTION
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
    FirewallRules: [{66C03662-D2D1-4286-B043-6764BF21A575}] => (Allow) C:\Users\capndavid2001\AppData\Local\Temp\7zS6FE5\setup\HPZnui01.exe
    FirewallRules: [{C1374211-A4C0-4668-916E-600D2658DCE9}] => (Allow) C:\Users\capndavid2001\AppData\Local\Temp\7zS6FE5\setup\HPZnui01.exe
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKU\S-1-5-21-2574564581-2394573384-1249639492-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    S2 netcfgsvr; "C:\Program Files\AT&T Global Network Client\netcfgsvr.exe" [X]
    S2 NetClientSvc; "C:\Program Files\AT&T Global Network Client\NetClientSvc.exe" [X]
    S2 NetLogSvc; "C:\Program Files\AT&T Global Network Client\NetLogSvc.exe" [X]
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
    S3 catchme; \??\C:\Users\CAPNDA~1\AppData\Local\Temp\catchme.sys [X]
    S3 cpuz134; \??\C:\Users\CAPNDA~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S2 MCSTRM; No ImagePath
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S2 pnarp; system32\DRIVERS\pnarp.sys [X]
    S3 SNDMon; system32\DRIVERS\SNDMon.sys [X]
    CMD: bitsadmin /reset /allusers
    CMD: ipconfig /flushdns
    Emptytemp:

    Click Format and ensure Word Wrap is unchecked.
    Save as Fixlist.txt to your Desktop (must be in this location).
    Run FRST/FRST64 and press the Fix button just once and wait.
    If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

  6. #6
    Member
    Join Date
    Dec 2008
    Location
    Austin, Texas
    Posts
    102
    Points
    4
    Blog Entries
    1

    Default

    Wow my laptop is much faster now and no more pop ups. I am so grateful for you and your team. Anyway, here's the log file.

    Fix result of Farbar Recovery Scan Tool (x86) Version: 28-06-2015 01
    Ran by capndavid2001 at 2015-07-01 06:18:18 Run:1
    Running from C:\Users\capndavid2001\Desktop
    Loaded Profiles: capndavid2001 (Available Profiles: capndavid2001)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    start
    CloseProcesses:
    CreateRestorePoint:
    Task: {98B744CB-613C-484E-BA27-2D227C40B210} - System32\Tasks\Omrucsuamuf => C:\ProgramData\Omrucsuamuf\1.0.2.1\ucixneje.exe
    Task: {BF64506F-6B36-4A9E-AE05-836119F0EF3C} - System32\Tasks\RegCure Pro => C:\Program Files\ParetoLogic\RegCure Pro\RegCurePro.exe
    C:\Program Files\ParetoLogic\RegCure Pro
    Task: {F515A68F-E761-4847-B3F1-E27A5F5AAD91} - \ASP No Task File <==== ATTENTION
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
    FirewallRules: [{66C03662-D2D1-4286-B043-6764BF21A575}] => (Allow) C:\Users\capndavid2001\AppData\Local\Temp\7zS6FE5\setup\HPZnui01.exe
    FirewallRules: [{C1374211-A4C0-4668-916E-600D2658DCE9}] => (Allow) C:\Users\capndavid2001\AppData\Local\Temp\7zS6FE5\setup\HPZnui01.exe
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKU\S-1-5-21-2574564581-2394573384-1249639492-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    S2 netcfgsvr; "C:\Program Files\AT&T Global Network Client\netcfgsvr.exe" [X]
    S2 NetClientSvc; "C:\Program Files\AT&T Global Network Client\NetClientSvc.exe" [X]
    S2 NetLogSvc; "C:\Program Files\AT&T Global Network Client\NetLogSvc.exe" [X]
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
    S3 catchme; \??\C:\Users\CAPNDA~1\AppData\Local\Temp\catchme.sys [X]
    S3 cpuz134; \??\C:\Users\CAPNDA~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S2 MCSTRM; No ImagePath
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S2 pnarp; system32\DRIVERS\pnarp.sys [X]
    S3 SNDMon; system32\DRIVERS\SNDMon.sys [X]
    CMD: bitsadmin /reset /allusers
    CMD: ipconfig /flushdns
    Emptytemp:
    *****************

    Processes closed successfully.
    Restore point was successfully created.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{98B744CB-613C-484E-BA27-2D227C40B210}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98B744CB-613C-484E-BA27-2D227C40B210}" => key removed successfully.
    C:\Windows\System32\Tasks\Omrucsuamuf => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Omrucsuamuf" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF64506F-6B36-4A9E-AE05-836119F0EF3C}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF64506F-6B36-4A9E-AE05-836119F0EF3C}" => key removed successfully.
    C:\Windows\System32\Tasks\RegCure Pro => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegCure Pro" => key removed successfully.
    "C:\Program Files\ParetoLogic\RegCure Pro" => File/Folder not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F515A68F-E761-4847-B3F1-E27A5F5AAD91}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F515A68F-E761-4847-B3F1-E27A5F5AAD91}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASP" => key removed successfully.
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys" => key removed successfully.
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\atashost" => key removed successfully.
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys" => key removed successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{66C03662-D2D1-4286-B043-6764BF21A575} => value removed successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C1374211-A4C0-4668-916E-600D2658DCE9} => value removed successfully.
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
    "HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
    HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully.
    HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
    netcfgsvr => Service removed successfully.
    NetClientSvc => Service removed successfully.
    NetLogSvc => Service removed successfully.
    blbdrive => Service removed successfully.
    catchme => Service removed successfully.
    cpuz134 => Service removed successfully.
    IpInIp => Service removed successfully.
    MCSTRM => Service removed successfully.
    NwlnkFlt => Service removed successfully.
    NwlnkFwd => Service removed successfully.
    pnarp => Service removed successfully.
    SNDMon => Service removed successfully.

    ========= bitsadmin /reset /allusers =========


    BITSADMIN version 3.0 [ 7.0.6001 ]
    BITS administration utility.
    (C) Copyright 2000-2006 Microsoft Corp.

    Unable to cancel {1DFA0F24-A0AA-4665-9E35-CBD6FE6CB145}.
    Unable to cancel {2736B472-473F-4AA6-A03D-5F9CC00839BA}.
    Unable to cancel {4E89951C-F68B-4970-9885-DDA1BD37D421}.
    Unable to cancel {6339E3BF-4385-4169-BFE1-C32D38E991B3}.
    Unable to cancel {3B435C9C-A889-4885-9421-29D3028967E5}.
    Unable to cancel {EB25EF7A-430C-458D-B806-88CACD5BEDC4}.
    Unable to cancel {3E6D4B28-EAA9-4E07-B12B-7329F0461D86}.
    Unable to cancel {FCF92FDC-EF33-4A38-88C3-DCE994C88AA1}.
    Unable to cancel {55C90906-E33C-4B01-B182-7A06A3266448}.
    Unable to cancel {9A97E072-48EE-4434-9C2E-2EB7BF04D441}.
    Unable to cancel {6EE3B488-2A47-41E9-8BF7-8F796A42E8F0}.
    Unable to cancel {071DA79B-0D5C-4999-B957-80FBC019224F}.
    Unable to cancel {26E99E3A-CD1A-4F07-B7DA-47BAEB8C413D}.
    Unable to cancel {299B3563-9FDF-4223-BF9E-D285C6568551}.
    Unable to cancel {D2DB21F1-9F31-481D-B307-94C691D981E0}.
    Unable to cancel {ACED48DE-E890-430F-A26A-F3D0B38C9A22}.
    Unable to cancel {AB5586D6-E212-4844-8569-C8C5D0F1954B}.
    Unable to cancel {764F03B9-A330-45C4-A186-861108AD0E49}.
    Unable to cancel {2EE93BF4-BAB2-4719-A817-A98E20513EC4}.
    Unable to cancel {AC558134-26D5-49F5-8F27-86E6284EC501}.
    Unable to cancel {77237945-405F-49D1-AD5B-779FEEFE711E}.
    Unable to cancel {2448C460-5F56-4B2C-9115-75798BF0ABE2}.
    Unable to cancel {0733BD6F-1419-4098-9CD5-3BA21D77DF62}.
    Unable to cancel {13C1F4B0-4F4B-4A94-850D-D46ED6BF023F}.
    Unable to cancel {E5A38BE5-9645-467A-A89A-9C628B3BE10D}.
    Unable to cancel {C3686E1C-E42E-405D-97AE-1430D0ABB8AE}.
    0 out of 26 jobs canceled.

    ========= End of CMD: =========


    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    EmptyTemp: => 811 MB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 06:21:13 ====

  7. #7
    Member

    One more question, Zep: what does the "unable to cancel" mean in the fixlog?

  8. #8
    Member Spyware Fighter zep516's Avatar

    It just means that all the jobs are legitimate Windows ones; the adware ones are not protected, so they can be deleted.